Bump the tensorflow group across 1 directory with 7 updates

[dependabot]

Bumps the tensorflow group with 7 updates in the /tensorflow directory:

Package	From	To
jupyterlab	4.2.0b1	4.3.0a0
jupyterhub	4.1.5	5.0.0
notebook	7.2.0b0	7.3.0a0
neural-compressor	2.5.1	2.6
tensorflow	2.15.0	2.16.1
numpy	1.26.4	2.0.0
requests	2.32.0	2.32.3

Updates jupyterlab from 4.2.0b1 to 4.3.0a0

Release notes

Sourced from jupyterlab's releases.

v4.3.0a0

4.3.0a0

(Full Changelog)

Enhancements made

• Add the command to toggle the virtual scrollbar to the palette #16322 (@​jtpio)
• Add a signal to proxy all Completer.selected signals #16312 (@​ajbozarth)
• Advertise the color scheme based on the theme #16301 (@​krassowski)
• Allow to select the path in debugger source component #16246 (@​krassowski)
• Add error field and animation in inline completion #15344 (@​Wzixiao)

Bugs fixed

• Fix execution in console in terminal interaction mode #16348 (@​krassowski)
• Fix workspace context menu incorrectly showing up in other sidebar sections #16346 (@​krassowski)
• Fix Shift + Tab contextual help inspector tooltip regression #16343 (@​krassowski)
• Reactive toolbar: avoid simultaneous calls to _onResize() #16335 (@​brichet)
• Upgrade CodeMirror dependencies #16306 (@​krassowski)
• Resetting a shortcut does not restore and enable the default if it was modified #16304 (@​itsmevichu)
• Allow to invoke inline completer anywhere (not only at the end of line) #16298 (@​ajbozarth)
• Search and replace with substring in markdown and raw cells #16293 (@​JasonWeill)
• Wait for the cell toolbar items to be rendered the first time before looking for overlap #16291 (@​brichet)
• Add lowercase proxy vars and make priority consistent with other tools #16287 (@​jgoodson)

Maintenance and upkeep improvements

• Do not check links to Jupyter blog on Medium #16351 (@​krassowski)
• Update .git-blame-ignore-revs #16333 (@​fcollonval)
• Run Python tests on MacOS with Python 12, replace canvas with jest-canvas-mock #16314 (@​krassowski)
• Allow RegExp in galata helper when looking for a tab #16302 (@​brichet)
• Update to Playwright 1.44.0 #16300 (@​jtpio)
• Wait for the cell toolbar items to be rendered the first time before looking for overlap #16291 (@​brichet)
• Bump the pip group with 7 updates #16270 (@​dependabot)

Documentation improvements

• Run Python tests on MacOS with Python 12, replace canvas with jest-canvas-mock #16314 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​ajbozarth | @​brichet | @​dependabot | @​fcollonval | @​github-actions | @​itsmevichu | @​JasonWeill | @​jgoodson | @​jtpio | @​jupyterlab-probot | @​krassowski | @​Rob-P-Smith | @​welcome | @​Wzixiao

v4.2.2

... (truncated)

Changelog

Sourced from jupyterlab's changelog.

4.3.0a0

(Full Changelog)

Enhancements made

• Add the command to toggle the virtual scrollbar to the palette #16322 (@​jtpio)
• Add a signal to proxy all Completer.selected signals #16312 (@​ajbozarth)
• Advertise the color scheme based on the theme #16301 (@​krassowski)
• Allow to select the path in debugger source component #16246 (@​krassowski)
• Add error field and animation in inline completion #15344 (@​Wzixiao)

Bugs fixed

• Fix execution in console in terminal interaction mode #16348 (@​krassowski)
• Fix workspace context menu incorrectly showing up in other sidebar sections #16346 (@​krassowski)
• Fix Shift + Tab contextual help inspector tooltip regression #16343 (@​krassowski)
• Reactive toolbar: avoid simultaneous calls to _onResize() #16335 (@​brichet)
• Upgrade CodeMirror dependencies #16306 (@​krassowski)
• Resetting a shortcut does not restore and enable the default if it was modified #16304 (@​itsmevichu)
• Allow to invoke inline completer anywhere (not only at the end of line) #16298 (@​ajbozarth)
• Search and replace with substring in markdown and raw cells #16293 (@​JasonWeill)
• Wait for the cell toolbar items to be rendered the first time before looking for overlap #16291 (@​brichet)
• Add lowercase proxy vars and make priority consistent with other tools #16287 (@​jgoodson)

Maintenance and upkeep improvements

• Do not check links to Jupyter blog on Medium #16351 (@​krassowski)
• Update .git-blame-ignore-revs #16333 (@​fcollonval)
• Run Python tests on MacOS with Python 12, replace canvas with jest-canvas-mock #16314 (@​krassowski)
• Allow RegExp in galata helper when looking for a tab #16302 (@​brichet)
• Update to Playwright 1.44.0 #16300 (@​jtpio)
• Wait for the cell toolbar items to be rendered the first time before looking for overlap #16291 (@​brichet)
• Bump the pip group with 7 updates #16270 (@​dependabot)

Documentation improvements

• Run Python tests on MacOS with Python 12, replace canvas with jest-canvas-mock #16314 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​ajbozarth | @​brichet | @​dependabot | @​fcollonval | @​github-actions | @​itsmevichu | @​JasonWeill | @​jgoodson | @​jtpio | @​jupyterlab-probot | @​krassowski | @​Rob-P-Smith | @​welcome | @​Wzixiao

4.2.0

(Full Changelog)

... (truncated)

Commits

• fb2aff9 [ci skip] Publish 4.3.0a0
• 52b641e Do not check links to https://blog.jupyter.org/ (#16351)
• 4e0cbc0 Fix Shift + Tab contextual help inspector tooltip regression (#16343)
• 3079730 Add the command to toggle the virtual scrollbar to the palette (#16322)
• 56a0121 Fix workspace menu incorrectly showing up in non-workspace sections of the si...
• f1a006d Fix execution in console in terminal interaction mode (#16348)
• 44b82c8 Avoid conflicting call of _onResize() (#16335)
• e34aad0 Add Signal to proxy all Completer selected Signals (#16312)
• 5a74e4f Update .git-blame-ignore-revs (#16333)
• d86e3cd Bump the pip group with 7 updates (#16270)
• Additional commits viewable in compare view

Updates jupyterhub from 4.1.5 to 5.0.0

Commits

• c616ab2 Bump to 5.0.0
• 41090ce Merge pull request #4820 from minrk/rel5
• d7939c1 one last patch
• d93ca55 update nginx ssl url
• 9ff11e6 Merge pull request #4821 from yuvipanda/fix-bootstrap
• 66ddaeb [pre-commit.ci] auto fixes from pre-commit.com hooks
• 2598ac2 Fix missing form-control classes & some padding
• 4ab36e3 final changelog for 5.0.0
• 282cc02 Merge pull request #4815 from minrk/admin-test
• 6912a5a Merge pull request #4817 from minrk/share-code-full-url
• Additional commits viewable in compare view

Updates notebook from 7.2.0b0 to 7.3.0a0

Release notes

Sourced from notebook's releases.

v7.3.0a0

7.3.0a0

(Full Changelog)

Enhancements made

• Support custom page_data_hook function #7387 (@​bluestealth)
• Add missing "Open..." file menu #7385 (@​martinRenou)
• Duplicate notebook menu option #7374 (@​JasonWeill)

Bugs fixed

• "Close and Shut Down Notebook" shuts down without the confirmation dialog #7384 (@​JasonWeill)
• Adds message about building code before running 'develop' #7382 (@​JasonWeill)

Maintenance and upkeep improvements

• Update to JupyterLab 4.3.0a0 #7378 (@​jtpio)

Documentation improvements

• Adds message about building code before running 'develop' #7382 (@​JasonWeill)

Contributors to this release

(GitHub contributors page for this release)

@​bluestealth | @​github-actions | @​JasonWeill | @​jtpio | @​martinRenou

v7.2.1

7.2.1

(Full Changelog)

Bugs fixed

• Remove pseudoelement obstructing the cell collapser #7392 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio | @​meeseeksmachine

v7.2.0

... (truncated)

Changelog

Sourced from notebook's changelog.

7.3.0a0

(Full Changelog)

Enhancements made

• Support custom page_data_hook function #7387 (@​bluestealth)
• Add missing "Open..." file menu #7385 (@​martinRenou)
• Duplicate notebook menu option #7374 (@​JasonWeill)

Bugs fixed

• "Close and Shut Down Notebook" shuts down without the confirmation dialog #7384 (@​JasonWeill)
• Adds message about building code before running 'develop' #7382 (@​JasonWeill)

Maintenance and upkeep improvements

• Update to JupyterLab 4.3.0a0 #7378 (@​jtpio)

Documentation improvements

• Adds message about building code before running 'develop' #7382 (@​JasonWeill)

Contributors to this release

(GitHub contributors page for this release)

@​bluestealth | @​github-actions | @​JasonWeill | @​jtpio | @​martinRenou

7.2.0

(Full Changelog)

Enhancements made

• Update to JupyterLab 4.2.0 #7357 (@​jtpio)
• Update to JupyterLab 4.2.0rc0 #7333 (@​jtpio)
• Add @jupyterlab/theme-dark-high-contrast-extension #7331 (@​jtpio)
• Update to JupyterLab 4.2.0a2 #7307 (@​jtpio)

Bugs fixed

• Add the @jupyterlab/notebook-extension:copy-output plugin #7353 (@​jtpio)
• Fix CSS for full windowing mode #7337 (@​jtpio)
• Force notebook windowing mode to defer #7335 (@​jtpio)
• Fix scrollbar always showing up by default #7327 (@​jtpio)
• Default to the full windowing mode #7321 (@​jtpio)

... (truncated)

Commits

• 9c70c13 Publish 7.3.0a0
• 1a03b9d Add missing "Open..." file menu (#7385)
• b010e1d Support custom page_data_hook function (#7387)
• 433f180 Shuts the notebook down without the confirmation dialog (#7384)
• eace81c Adds message about building code before running 'develop' (#7382)
• 368080f Update to JupyterLab 4.3.0a0 (#7378)
• 0a66f40 Duplicate notebook menu option (#7374)
• 30587b8 Publish 7.2.0
• 31bf294 Add user facing changelog for 7.2 (#7372)
• 08fe5c5 Update @jupyterlab/galata (#7361)
• Additional commits viewable in compare view

Updates neural-compressor from 2.5.1 to 2.6

Release notes

Sourced from neural-compressor's releases.

Intel® Neural Compressor v2.6 Release

• Highlights
• Features
• Improvements
• Examples
• Bug Fixes
• External Contributions
• Validated Configurations

Highlights

• Integrated recent AutoRound with lm-head quantization support and calibration process optimizations
• Migrated ONNX model quantization capability into ONNX project Neural Compressor

Features

• [Quantization] Integrate recent AutoRound with lm-head quantization support and calibration process optimizations (4728fd)
• [Quantization] Support true sequential options in GPTQ (92c942)

Improvements

• [Quantization] Improve WOQ Linear pack/unpack speed with numpy implementation (daa143)
• [Quantization] Auto detect available device when exporting (7be355)
• [Quantization] Refine AutoRound export to support Intel GPU (409231)
• [Benchmarking] Detect the number of sockets when needed (e54b93)

Examples

• Upgrade lm_eval to 0.4.2 in PT and ORT LLM example (fdb509) (54f039)
• Add diffusers/dreambooth example with IPEX (ba4798)

Bug Fixes

• Fix incorrect dtype of unpacked tensor issue in PT (29fdec)
• Fix TF LLM SQ legacy Keras environment variable issue (276449)
• Fix TF estimator issue by adding version check on TF2.16 (855b98)
• Fix missing tokenizer issue in run_clm_no_trainer.py after using lm-eval 0.4.2 (d64029)
• Fix AWQ padding issue in ORT (903da4)
• Fix recover function issue in ORT (ee24db)
• Update model ckpt download url in prepare_model.py (0ba573)
• Fix case where pad_max_length set to None (960bd2)
• Fix a failure for GPU backend (71a9f3)
• Fix numpy versions for rnnt and 3d-unet examples (12b8f4)
• Fix CVEs (5b5579) (25c71a) (47d73b) (41da74)

External Contributions

• Update model ckpt download url in prepare_model.py (0ba573)
• Fix case where pad_max_length set to None (960bd2)
• Add diffusers/dreambooth example with IPEX (ba4798)

Validated Configurations

• Centos 8.4 & Ubuntu 22.04 & Win 11 & MacOS Ventura 13.5
• Python 3.8, 3.9, 3.10, 3.11
• PyTorch/IPEX 2.1, 2.2, 2.3

... (truncated)

Commits

• 2928d85 update v2.6 release readme (#1871)
• 48c5e3a Modify WOQ examples structure (#1866)
• 498af74 Update SQ/WOQ status (#1869)
• b401b02 Add PT2E cv&llm example (#1853)
• e470f6c [3x] add recommendation examples (#1844)
• a141512 Improve UT Branch Coverage for TF 3x (#1867)
• b99a79d modify 3.x ipex example structure (#1858)
• 922b247 Add TF 3x Examples (#1839)
• 70a1d50 fix 3x ipex static quant regression (#1864)
• 4e45f8f Improve UT Coverage for TF 3x (#1852)
• Additional commits viewable in compare view

Updates tensorflow from 2.15.0 to 2.16.1

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.16.1

Release 2.16.1

TensorFlow

• TensorFlow Windows Build:
  • Clang is now the default compiler to build TensorFlow CPU wheels on the Windows Platform starting with this release. The currently supported version is LLVM/clang 17. The official Wheels-published on PyPI will be based on Clang; however, users retain the option to build wheels using the MSVC compiler following the steps mentioned in https://www.tensorflow.org/install/source_windows as has been the case before
• TensorFlow 2.16 will be released as TF 2.16.1 (instead of 2.16.0). The patch release will be done as 2.16.2 during the next release cycle.

Breaking Changes

• tf.summary.trace_on now takes a profiler_outdir argument. This must be set if profiler arg is set to True.

  • tf.summary.trace_export's profiler_outdir arg is now a no-op. Enabling the profiler now requires setting profiler_outdir in trace_on.

• tf.estimator

  • The tf.estimator API is removed.
  • To continue using tf.estimator, you will need to use TF 2.15 or an earlier version.

• Keras 3.0 will be the default Keras version. You may need to update your script to use Keras 3.0.

• Please refer to the new Keras documentation for Keras 3.0 (https://keras.io/keras_3).

• To continue using Keras 2.0, do the following.

• 1. Install tf-keras via pip install tf-keras~=2.16

  2. To switch tf.keras to use Keras 2 (tf-keras), set the environment variable TF_USE_LEGACY_KERAS=1 directly or in your python program with import os;os.environ["TF_USE_LEGACY_KERAS"]="1". Please note that this will set it for all packages in your Python runtime program

  3. Change the keras import: replace import tensorflow.keras as keras or import keras with import tf_keras as keras. Update any tf.keras references to keras.

• Apple Silicon users: If you previously installed TensorFlow using pip install tensorflow-macos, please update your installation method. Use pip install tensorflow from now on.

• Mac x86 users: Mac x86 builds are being deprecated and will no longer be released as a Pip package from TF 2.17 onwards.

Known Caveats

• Full aarch64 Linux and Arm64 macOS wheels are now published to the tensorflow pypi repository and no longer redirect to a separate package.

Major Features and Improvements

• Support for Python 3.12 has been added.
• tensorflow-tpu package is now available for easier TPU based installs.
• TensorFlow pip packages are now built with CUDA 12.3 and cuDNN 8.9.7
• Added experimental support for float16 auto-mixed precision using the new AMX-FP16 instruction set on X86 CPUs.

Bug Fixes and Other Changes

• tf.lite

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.16.1

TensorFlow

• TensorFlow Windows Build:
  • Clang is now the default compiler to build TensorFlow CPU wheels on the Windows Platform starting with this release. The currently supported version is LLVM/clang 17. The official Wheels-published on PyPI will be based on Clang; however, users retain the option to build wheels using the MSVC compiler following the steps mentioned in https://www.tensorflow.org/install/source_windows as has been the case before
• TensorFlow 2.16 will be released as TF 2.16.1 (instead of 2.16.0). The patch release will be done as 2.16.2 during the next release cycle.

Breaking Changes

• tf.summary.trace_on now takes a profiler_outdir argument. This must be set if profiler arg is set to True.

  • tf.summary.trace_export's profiler_outdir arg is now a no-op. Enabling the profiler now requires setting profiler_outdir in trace_on.

• tf.estimator

  • The tf.estimator API is removed.
  • To continue using tf.estimator, you will need to use TF 2.15 or an earlier version.

• Keras 3.0 will be the default Keras version. You may need to update your script to use Keras 3.0.

• Please refer to the new Keras documentation for Keras 3.0 (https://keras.io/keras_3).

• To continue using Keras 2.0, do the following.

• 1. Install tf-keras via pip install tf-keras~=2.16

  2. To switch tf.keras to use Keras 2 (tf-keras), set the environment variable TF_USE_LEGACY_KERAS=1 directly or in your python program with import os;os.environ["TF_USE_LEGACY_KERAS"]="1". Please note that this will set it for all packages in your Python runtime program

  3. Change the keras import: replace import tensorflow.keras as keras or import keras with import tf_keras as keras. Update any tf.keras references to keras.

• Apple Silicon users: If you previously installed TensorFlow using pip install tensorflow-macos, please update your installation method. Use pip install tensorflow from now on.

• Mac x86 users: Mac x86 builds are being deprecated and will no longer be released as a Pip package from TF 2.17 onwards.

Known Caveats

• Full aarch64 Linux and Arm64 macOS wheels are now published to the tensorflow pypi repository and no longer redirect to a separate package.

Major Features and Improvements

• Support for Python 3.12 has been added.
• tensorflow-tpu package is now available for easier TPU based installs.
• TensorFlow pip packages are now built with CUDA 12.3 and cuDNN 8.9.7
• Added experimental support for float16 auto-mixed precision using the new AMX-FP16 instruction set on X86 CPUs.

Bug Fixes and Other Changes

• tf.lite
  • Added support for stablehlo.gather.

... (truncated)

Commits

• 5bc9d26 Merge pull request #63073 from Intel-tensorflow/kanvi/update-release-notes
• 086d2cc Merge pull request #63127 from rtg0795/r2.16
• 82cdec2 Update RELEASE.md
• 563129d Merge pull request #63120 from tensorflow/MarkDaoust-2.16-release-notes
• 152a11b Merge branch 'r2.16' into MarkDaoust-2.16-release-notes
• 1196a06 Merge pull request #63121 from tensorflow-jenkins/version-numbers-2.16.1-25649
• 46faa44 Update release notes for TensorFlow 2.16.1 (#63117)
• 5fdacf3 Merge pull request #63119 from tensorflow/patch-r2.16-release-notes
• 887bcc9 Update version numbers to 2.16.1
• f1b3d80 Fix formatting.
• Additional commits viewable in compare view

Updates numpy from 1.26.4 to 2.0.0

Release notes

Sourced from numpy's releases.

v2.0.0

NumPy 2.0.0 Release Notes

NumPy 2.0.0 is the first major release since 2006. It is the result of 11 months of development since the last feature release and is the work of 212 contributors spread over 1078 pull requests. It contains a large number of exciting new features as well as changes to both the Python and C APIs.

This major release includes breaking changes that could not happen in a regular minor (feature) release - including an ABI break, changes to type promotion rules, and API changes which may not have been emitting deprecation warnings in 1.26.x. Key documents related to how to adapt to changes in NumPy 2.0, in addition to these release notes, include:

• The numpy-2-migration-guide
• The Numpy 2.0-specific advice in for dpwmstream package authors

Highlights

Highlights of this release include:

• New features:
  • A new variable-length string dtype, numpy.dtypes.StringDType and a new numpy.strings namespace with performant ufuncs for string operations,
  • Support for float32 and longdouble in all numpy.fft functions,
  • Support for the array API standard in the main numpy namespace.
• Performance improvements:
  • Sorting functions sort, argsort, partition, argpartition have been accelerated through the use of the Intel x86-simd-sort and Google Highway libraries, and may see large (hardware-specific) speedups,
  • macOS Accelerate support and binary wheels for macOS >=14, with significant performance improvements for linear algebra operations on macOS, and wheels that are about 3 times smaller,
  • numpy.char fixed-length string operations have been accelerated by implementing ufuncs that also support numpy.dtypes.StringDType in addition to the fixed-length string dtypes,
  • A new tracing and introspection API, numpy.lib.introspect.opt_func_info, to determine which hardware-specific kernels are available and will be dispatched to.
  • numpy.save now uses pickle protocol version 4 for saving arrays with object dtype, which allows for pickle objects larger than 4GB and improves saving speed by about 5% for large arrays.
• Python API improvements:

... (truncated)

Commits

• 1d49c7f Merge pull request #26698 from charris/prepare-2.0.0
• 2103511 DOC: Remove duplicate in author list.
• db8030e BUG: Change cibuildwheel version [wheel build]
• 1a68264 REL: Prepare for the NumPy 2.0.0 release [wheel build]
• c8665ba Merge pull request #26696 from charris/backport-26582
• 103f4dd Merge pull request #26697 from charris/backport-25963
• c193dcd Merge pull request #26695 from charris/backport-26667
• 8fa8191 BUG: Fix bug in numpy.pad() (#25963)
• ece3559 BUG: weighted nanpercentile, nanquantile and multi-dim q (#26582)
• b31e195 BUG: Adds asanyarray to start of linalg.cross (#26667)
• Additional commits viewable in compare view

Updates requests from 2.32.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

Commits

• 0e322af v2.32.3
• e188799 Don't create default SSLContext if ssl module isn't present (#6724)
• 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
• b1d73dd Don't use default SSLContext with custom poolmanager kwargs
• 6badbac Update HISTORY.md
• a62a2d3 Allow for overriding of specific pool key params
• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• `@dependabot unignore <ignore con...

Description has been truncated

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

tensorflow/jupyter-requirements.txt

Package	Version	License	Issue Type
jupyterhub	5.0.0	Null	Unknown License

tensorflow/serving/requirements.txt

Package	Version	License	Issue Type
numpy	2.0.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/jupyterhub	5.0.0	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/jupyterlab	4.3.0a0	🟢 5.8	Details Check Score Reason Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/notebook	7.3.0a0	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 11 existing vulnerabilities detected
pip/jupyterhub	4.1.5	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/jupyterlab	4.2.0b1	🟢 5.8	Details Check Score Reason Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
pip/notebook	7.2.0b0	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 11 existing vulnerabilities detected
pip/neural-compressor	2.6	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 28/29 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 87 existing vulnerabilities detected
pip/neural-compressor	2.5.1	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 28/29 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 87 existing vulnerabilities detected
pip/numpy	2.0.0	🟢 8.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/requests	2.32.3	🟢 8.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 29 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
pip/numpy	1.26.4	🟢 8.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/requests	2.32.0	🟢 8.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 29 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits

Scanned Manifest Files

tensorflow/jupyter-requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

tensorflow/multinode-requirements.txt

• [email protected]
• [email protected]

tensorflow/serving/requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]

[tylertitsworth]

@dependabot rebase